The article surveys LSASS credential dumping techniques, explains what secrets LSASS stores, and recommends defenses such as Credential Guard, LSASS PPL, ASR rules, SIEM monitoring, and least privilege.
gdrv3.sys – Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives
Reversing a legitimately signed Windows kernel driver to map 13 IOCTLs exposing physical memory access, MSR read/write, kernel memcpy, and more, and why this is the foundation of every BYOVD attack.